[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-06-11
It should also be pointed out that a lack of support in openXRI and in the root authority servers was probably what stopped XML Dsig in XRI 2.0. From conversations a year or so ago I recall that Dirk and Brenno had some other issues as well. Though none of them at the time regarding cannonicalization. John B. On 12-Jun-09, at 4:40 AM, Nat Sakimura wrote: > It is kind of interesting that OpenID list is generally negative > against XML Dsig while OAuth is positive (though, as Eran states, > there is no use case for OAuth but for OpenID.) > > So, I posted next question to the OpenID List whether they > would be amiable to XML DSig if native language form of > libraries are provided to them. (I hope they will be.) > > We all know that XML DSig in XRI Resolution 2.0 did not get > any support. One of the factor must have been the lack of > easy to use library. This is one of the thing that we must > address. > > Scott's description of the constrained C14N would be a > good tool for changing people's mind set. > > IMHO, writing a good spec is one thing, but getting the > traction on it is also as important. Trying what we have > failed before again without a countermeasure is something > what I would like to avoid. > > =nat > > -------------------------------------------------- > From: "Drummond Reed" <drummond.reed@cordance.net> > Sent: Friday, June 12, 2009 9:58 AM > To: "'XRI TC'" <xri@lists.oasis-open.org> > Subject: [xri] Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-06-11 > >> Following are the minutes of the unofficial telecon of the XRI TC at: >> >> Date: Thursday, 11 June 2009 USA >> Time: 2:00PM - 3:00PM Pacific Time (21:00-22:00 UTC) >> >> (Note: Drummond could not attend so these minutes were taken by >> John.) >> >> ATTENDING >> >> Scott Cantor >> Nat Sakimura >> Will Norris >> John Bradley >> >> REGRETS >> >> Drummond Reed >> Eran Hammer-Lahav >> >> >> 1) DO WE STILL NEED A SIMPLE SIGNING METHOD? >> >> Among the attendees on this call, the consensus was, "probably not". >> >> Nat is still concerned about adoption, and is looking for more >> feedback from >> the OpenID mailing list. >> >> John cynically thinks signing will not be popular with some people >> no matter >> what the canonicalization method is. >> >> Scott is going to create a description of the constrained form. >> >> Scott added the following comment in email: >> >> ***** BEGIN QUOTE ***** >> >> Just for the permanent record, on the sparsely attended call today >> I raised >> one of my other concerns about the proliferation of proprietary >> signing >> mechanisms in specs, which is algorithm agility. >> >> I had been planning to mention to Will that copying the SAML spec's >> outdated >> recommendation to use RSAwithSHA1 as the signing algorithm was >> probably not >> the ideal choice, since SHA256 is gradually replacing SHA1 as the >> current >> "best option" until the new hash standard is done. >> >> The more one duplicates signing functionality across multiple spots >> in the >> software stack, the harder it is to maintain control over the >> algorithms >> being used and maintain some degree of agility as these old >> algorithms fall >> into disrepair. >> >> ***** END QUOTE ***** >> >> John thinks that once implementers try c14n once they will like it >> "like >> green eggs and ham", as Dr. Suess said. He said that making sure >> the 5 or 6 >> main OpenID libraries support it will cover 90% of the initial users. >> >> >> 2) OTHER XRD 1.0 ISSUES >> >> Will raised the question of TargetSubject and how that would work >> when >> delegating entire domains. It may be that using TargetAuthority >> will be >> sufficient. Will is exploring use cases. >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe from this mail list, you must leave the OASIS TC that >> generates this mail. Follow this link to all your TCs in OASIS at: >> https://www.oasis-open.org/apps/org/workgroup/portal/ >> my_workgroups.php >> > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]